Content Filtering on Windows Home Server 2011

UPDATE: we no longer recommend installing qlproxy on WHS 2011 as ICAP integration with Squid has become much more superior to using qlproxy as URL rewriter… when next release of Squid possibly support Windows I will update the instructions on how to set up content filtering for WHS + SQUID + qlproxy. For now you may try Diladele Web Safety a companion product for qlproxy that brings content filtering to your desktops and laptops.

See the Windows 8 updated instruction on https://sichent.wordpress.com/2013/04/04/blocking-ads-and-protecting-online-privacy-with-squid-microsoft-windows-8-and-diladele-web-safety

This short (visual 🙂 ) HOWTO will show you how to set up a free web filtering solution to speed up and secure your home / small enterprise web surfing network running on Windows Home Server 2011 platform. This HOWTO is a companion to Installing Squid on Windows Home Server (WHS) 2011. It assumes you followed all the steps presented there and have the running “Squid on Windows” environment.

Step 1. Install QuintoLabs Content Security

In order to get the installation package go the http://quintolabs.com/qlicap_download.php and download binary MSI for Microsoft Windows Home Server 2011. The same package can actually be used in all flavors of Microsoft Windows – even in Windows 8 Developer Preview 🙂 ! Save it on the desktop, right click and choose Install as indicated on the following screenshot.

When installer starts, accept the terms in License Agreement and press Next.

Let it run for a while and press Finish when installation successfully completes.

The only inconvenience is the application is installed in C:\quintolabs and for now the installation folder can not be changed. The reason for this is the cross platform nature of the application when it is quite common for a Linux targeted application to specify the predefined full paths to its configuration files, and in Windows the user chooses where to install the application.

Upon successful installation the program should add “QuintoLabs Content Security” service to the system (qlproxyd.exe). In order to prove it, press Windows + R, type services.msc and find the service in the opened MMC window. Startup type should be set to Automatic.

Right click the service name and choose Start. Service status should change to Running. The task manager will show qlproxyd.exe process running under SYSTEM account.

Step 2. Integration with Squid

The README file in installation directory contains detailed instructions about how to integrate qlproxy with locally installed Squid to perform content filtering on the web traffic.

The integration is straight forward. Open c:\squid\etc\squid.conf in the notepad and find url_rewrite_program directive. Uncomment it and add the following (typed as ONE line):

url_rewrite_program C:/quintolabs/opt/quintolabs/qlproxy/sbin/qlproxyd_redirector.exe --config_path=C:/quintolabs/etc/opt/qlproxy/qlproxyd.conf

NOTE: pay attention that forward slashes are used here as path delimiter and NOT backslashes as common in Windows.

Change url_rewrite_children to 10.

Start the Squid service and notice the specified number of URL rewrite processes (qlproxyd_redirector.exe) running in Task Manager.

Open your browser, go to your favorite web site and see how qlproxyd filters objectionable content.

Resume

We have installed QuintoLabs Content Security on the Windows Home Server 2011 with running Squid version 2.7. QuintoLabs provides URL filtering and web traffic sanitation, Squid provides central caching for all the browsers in the home network.

Unfortunately URL rewrite technology used in Squid 2.7 is limited at what it can do. Only URLs are analyzed, in order to analyze the HTTP response headers and contents of the response we would need Squid 3+ with ICAP enabled… but there is no stable build for WHS at the moment. We could install VMWare (or another virtualization solution) on the server and deploy the Tiny Virtual Appliance from QuintoLabs with preinstalled Linux Debian, Squid 3+ and qlproxy 1.4. Instructions how this virtual appliance was made can be found here.

Used documentation links

About sichent

sichent
This entry was posted in Network, proxy, squid, WHS. Bookmark the permalink.

6 Responses to Content Filtering on Windows Home Server 2011

  1. Pingback: Installing Squid on Windows Home Server (WHS) 2011 | sichent

  2. Nuno says:

    Hello
    First of all great job with this topic, and thank you for sharing with us

    I have a lot of questions regarding this topic:
    1- when you say to “Open c:\squid\etc\squid.conf in the notepad and find url_rewrite_program directive. Uncomment it and add the following (typed as ONE line):
    url_rewrite_program C:/quintolabs/qlproxy/opt/sbin/qlproxyd_redirector.exe –config_path=C:/quintolabs/qlproxy/opt/etc/qlproxyd.conf” I don’t find the line started with “url_rewrite_program” but i found a line started with “# TAG: url_rewrite_program” is to replace this line with the mentioned by you??

    2-When you say to change de parameter “url_rewrite_children to 10” is to remove the charater # to??

    3- If i whant to setup any of this features into quintolabs:

    Block Advertisements
    Block Inappropriate Web Sites (URL Categorization)
    Block Inappropriate Web Sites (DNS Categorization)
    Block Inappropriate Downloads (MP3, Video, ISO Images)
    Block Pages in Various Languages
    Block Inappropriate Transfer Encodings
    Block Web Sites with Inappropriate Contents (Phrase Filtering)
    Customizing Blocked HTML Template Page

    where I can setup this features if you know? or where I can find a tutorial with this info.

    Best regards

  3. Pingback: QuintoLabs Content Security | Our online home away from home

  4. Markus says:

    Hi,

    thanks for your great description. There is a new version of Quintolabs available – “Stable Release 2.0.0.1cbef (build on April 16th, 2012)”.

    This requires a new path in the url_rewrite_program entry, otherwise squid service will not start (squid error 1067).

    url_rewrite_program C:/quintolabs/opt/quintolabs/qlproxy/sbin/qlproxyd_redirector.exe –config_path=C:/quintolabs/etc/opt/qlproxy/qlproxyd.conf

    BR

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s